I think a lot of the new interface is a move away from the classic OS and that furthermore, this is intentional. I would hazard to say the apple is attempting to draw new users with a strong departure from the old OS. Classic was never very impressive, at a superficial level. Aqua on the other hand really wows people. For example, my room mate is very taken with transparent windows and the genie effects. He was never so drawn to classic. I think Apple is going for the awe that people experienced with the iMac, and incorporating that into OSX.
I built something similar out of an old Mac Plus. We called it the Macilloscope. We had to put a little more work into though. First we had to use a frequency generator and a really big audio amplifier to make the sampling work right. But after that, it was easy. Ahh, good times in the high school computer lab. I wish I had some photos. It looked really cool. Plus, it was useful to justify to budge they gave us to buy new stuff. The suits were impressed with the flashy pretty things (not the code we wrote or the servers we built).
The power of this codec has been validated by the fact that it has been licensed by both RealNetworks and Apple for their internet video players.
Anyone want to tell me why Apple and RealNetworks would license something that is OpenSource.
In case you're wondering their license is based upon the Mozilla Public License 1.1 (MPL 1.1). I understand this license, it should allow Apple and others to use it freely without licensing fees.
The author seems intent of finding someone or some group that is successfully leveraging Linux in the embeded market. Why doesn't he check out LynuxWorks?
You may remember these guys from LynxOS. This RTOS (in true defintion of the term -- not in the LinuxRT version) runs on countless embeded platforms. Ever setup a JetDirect card on an HP printer? That's LynxOS.
Well, these guys are doing a lot with Linux now. I attended a talk about two years ago, right before their product BlueCat (strikingly similar to RedHat, eh?) came out. My information may be out of date, but some of the stuff the guys talked about was very cool. An embeded tool-chain. Boot loaders. And most interesting source (and later binary) compatability with LynxOS (by which I mean that LynxOS would run Linux source). To quote from the web page:
BlueCat Linux applications can be migrated to the LynxOS platform with no loss of functionality and with minimal effort or delay. LynuxWorks development tools support both operating systems so there are no new tools to purchase and no new learning curves. This all means that customers can develop using BlueCat Linux and then quickly migrate and deploy applications to LynxOS when real-time needs emerge.
Anyway, as I said, my info maybe out of date, but these guys shouldn't be overlooked. Oh, and for all who are wondering, I am in no way connected to this company.
Very true. Furthermore, using H0H as the basis for fuel brings with a multitude of problems...
If a vehicle uses water to store the needed H2, it will also need an electrical source to electrolyze the water. Where does this come from? Why not just use an electrical motor?
I just don't think H2 is a viable source of power. Unlike a hydrocarbon, combustion breaks very few bonds and therefore releases very little energy. So far H2 has not proved to be a useful fuel source in other industries. Take for example wielding. A number of companies try to sell "Brown's Gas" (2 H2: 02), which is the result of electrolyzing water, to welders. I've never heard of anyone who has had good results. BG does not release enough heat to compete with acetylene or other common wielding products.
There's a lot of good information on Brown's Gas at http://www.phack.org/e/dennis.html -- this URL discusses the claims of Dennis Lee who tries to sell Brown's Gas to the unsuspecting public (among other con schemes). A very interesting read.
You miss a key point here. True, the ranks of uber-nerd linux users may be watered down with suit wearing morons, but these morons won't develop jack taco!
Truth is, the uber-nerds will still be the developers, mostly developing for themselves. The greatest threat is that they(we) will start to cater to the whims of the less knowledgable and produce useless crapy software. However, I just don't see this happening...
When I first read this story, and the mention of putting speech on a t-shirt, it reminded me of a supreme court case: Cohen v. California (1971) Here's a link to a website that fully explains it: http://case law.findlaw.com/scripts/getcase.pl?court=us&vol=40 3&invol=15. But allow me to summarize a litte:
In 1972, Paul Cohen wore a jacket with the words "Fuck the Draft" written on it into a LA court house. He was arrested for "maliciously and willfully disturb[ing] the peace or quiet of any neighborhood or person . . . by . . . offensive conduct." When the appeals process ended up in the Supreme Court, the justices held that to censure Cohen for wearing the jacket was tanamount to censuring his opionions on the war. Here are some exerpts from the decision as rendered by Justice Harlan and joined by Douglas, Brennan, Stewart, and Marshall:
The conviction quite clearly rests upon the asserted offensiveness of the words Cohen used to convey his message to the public. The only "conduct" which the State sought to punish is the fact of communication. Thus, we deal here with a conviction resting solely upon "speech," cf. Stromberg v. California, 283 U.S. 359 (1931), not upon any separately identifiable conduct which allegedly was intended by Cohen to be perceived by others as expressive of particular views but which, on its face, does not necessarily convey any message and hence arguably could be regulated without effectively repressing Cohen's ability to express himself.
To my eyes, this seems to remove all trace of wrong doing from Copyleft. It is merely expressing itself, not actually removing the CSS. Even if DeCSS is consider unlawful, Copyleft cannot be held equally responsible, nor can any individual who wears one of the shirts.
Appellant's conviction, then, rests squarely upon his exercise of the "freedom of speech" protected from arbitrary governmental interference by the Constitution and can be justified, if at all, only as a valid regulation of the manner in which he exercised that freedom, not as a permissible prohibition on the substantive message it conveys.
Once again the shirt cannot be held to be illegal unless itself violates valid regulation of speech. Generally, these "valid regulations" are held to be such things as "fighting words" (speech that can be reasonably assumed to incite violence), obscenity (remember that man in MI who was fined for swearing in front of women and children?), and some other very narrowly defined situations. None of these seem to apply to Copyleft.
Additionally, we cannot overlook the fact, because it [403 U.S. 15, 26] is well illustrated by the episode involved here, that much linguistic expression serves a dual communicative function: it conveys not only ideas capable of relatively precise, detached explication, but otherwise inexpressible emotions as well. In fact, words are often chosen as much for their emotive as their cognitive force. We cannot sanction the view that the Constitution, while solicitous of the cognitive content of individual speech, has little or no regard for that emotive function which, practically speaking, may often be the more important element of the overall message sought to be communicated. Indeed, as Mr. Justice Frankfurter has said, "[o]ne of the prerogatives of American citizenship is the right to criticize public men and measures - and that means not only informed and responsible criticism but the freedom to speak foolishly and without moderation." Baumgartner v. United States, 322 U.S. 665, 673 -674 (1944).
This is precisely the situation with DeCSS, though this time we are speaking out against corporations instead of the state. To wear a DeCSS t-shirt is to "criticize public men and measures." CSS has flaws (in most geeks' opinions) and this T-shirt by Copyleft expresses those opinions. Just as Cohen spoke out against the draft by wearing his shirt, so should geeks speak out against CSS by wearing theirs.
Alot of people are saying that geeks don't have a political cause. The harken back to the days of Vietnam and those protests. But if you look carefully, history is repeating itself! This DeCSS shirt debate is not very dissimilar to that of Cohen.
Well, this concludes our Constitutional Law 101 class for today. Their might be a pop quiz tomorrow, so study up! Class dismissed.
-Mark Fredrickson (I'm not a law prof so don't consider any of this stuff accurate!)
Maybe not. Here in Minnesota (uh oh! I just gave away my location!) our DMV is no longer allowed to give away records by default. In the past, DMV forms had a check box that would allow you to "hide" your info from people who would buy the DMV lists. Now we have the opposite. You have to check the box to allow your records to be sold.
If I remember correctly the MN gov't did this because of a federal law. So this same legislation may be coming to state near you. Anybody want to back me up on this?
Your plan isn't nearly invasive enough. What we need is a "Matrix" like connection to the brain. Plug in your noggin and it will feel just like the real/unreal thing. With a direct connection we can manipulate all possible senses.
Clearly, this tech is not in the immediate future, but if were are dreaming about cool stuff (or uncool - think Matrix again) why not go all the way.
My only gripe would be if it plugged into USB, the technology of the devil in my opion (no flame intended).
For example: I write program XYZ on Jan 1, 2000. My last version was "1.1". Now, my next version becomes "1.2.01-01-2000"
This scheme has the advantage of allowing for very rapid developments. If I stay up all night and code a few bugfixes or implement a vew features, I can title my new XYZ "1.2.01-02-2000" People know I didn't change a lot (otherwise it would be 1.3.01-02-2000) and exactly when it appear.
I think synthesis is better than either of the original options.
You can't get a blue screen on a black and white monitor.
Frankly, the whole issue is moot. Here is why: 1. If one is 18+ yrs old, then the clause does not apply to him or her and that person can download the software with both a clear conscience and a legal right to do so. 2. If the person is less than 18, the agreeing to the contract is pointless because a minor cannot be held responsible anyway. In either case, the clause serves no purpose because either it doesn't apply because of age, or because of age, the responsibility is negated. This is not to say, that I support Corel. I think they were wrong to add this clause. But I think the real point is being missed. The question is not why are minors being licensed, but rather, why is anybody being licensed? Each individual piece of software has its own license. Be it GPL, BSD, or Corel. Why included the EULA at all?
Would you rather it be done after dark, under cover of darkness. Get the night vision goggles - I have to be moral! Really, the journalistics work that was done was enlightening. Due to the lack of facilities being brought forth by Ubermensch, we have no choice but to decide whether this project has the proper backing but by looking at the commericial side of the project. Clearly, the facilities there do not support a cluster, and since we do not know where else the cluster would be we must take this to be the symbolic, if not actual, location for the project.
I live not far (nor close) to LaCrosse, so I emailed the head honcho about a visit. Synopsis: This project is so secret that a donor can't come see where his machine will go. I was interested in the project before - but now it just sounds like a scam. see the whole email (kinda interesting which questions he answers (hah!) and which he doesn't)
I'm thinking about trying to get there this week end. I live in MN, not too far (nor too close) to LaCrosse. For me shipping would be more exspensive, plus I want to see the place.
Placing swaps between other partitions is again a throw back to the days of less powerful machines. Back when disks had the speed of Fred Flinstone in his foot powered car, the time for a disk head to move between data and swap was considerable. Thus the advice was to alternate data - swap -data so that heads would move less when disk paging. Having a data - data -swap configuration could lead to a preformace hitch if the heads had to transverse the extra data partition in the middle. Now days as drives get faster, this consideration is minimal. Theoretically, one can still get a performance advantage by alternating types, but if preformance is this important you are better off just buying more RAM.
-Bigdaddy "You can't get a blue screen on a monochrome monitor!"
Preformance comparison on an iMac or G3 is really not a fair fight. Apple has yet to truly break away from the same OS code they've been using since the Lisa. Their "commitment" to backwards compatibility has been almost sickening (anybody have a copy of Copeland for me? ha ha). The processor itself is a work of art. Though it doesn't do floating point calculations as well as an x86, the integer math is second to none in the micro computer field. Unfortunately, when couple with the pile of code Apple calls an OS, the processor never has a chnace to shine! I'm just holding my breath until OS X when the main stream can finally get a decent OS to bring Apple back from the grave. Until then, LinuxPPC for me... -BigDaddy
A lot of people have been posting that one ought to turn off unused/unnecessary services. While this is good advice in general, it misses a need that most sysadmins have: they need certain services - some of which create security holes. For example- if you run a small corp/edu server you may need http for web presence, ftp to distribute files/documents/patches/etc, telnet to allow users/students/employees access mail/personal files/programs/etc, and any other number of personal services. These necessary activities cannot simply be discarded without losing the importance and function of the server itself. I do believe that there is an alternative - play a little shell game with the port numbers. Considering most users will either learn of their access either by direct interview or by documentation they alone will likely see, the oppertunity to change where the services run arises. For example: on a small edu server, the telnet port was changed from the standard "23" to a much higher number(>800). This removed the oppertunity of a kiddie to "telnet server.domain.edu" He or she now has to know the port number. Avgerage users will know this number and thus "telnet server.domain.edu ###" allows them to telnet into the server to use whatever the server was designed for. Admittedly, a simple port mapper utility will still be able to find the unlisted ports (my personal favorite is nmap by fyodor -- www.insecure.org). But in the end, some security is gained in a service that would otherwise be a complete security hole. This shell game concept can be further extended to increase security. Because the port numbers must be made non-standard anyway, the services can too be changed. Another edu example: A server is running ftp to distribute files like syllabi to students. Instead of ftp, http can be substitued running on a non-standard port. Now students can gain access to the files they need via "server.domain.edu:####" instead of ftp. A second httpd running on the new port accomplished the job with more security. I don't claim to be an expert, and I agree that restricting services is the most effective means to net security. But at the same time, I can see the need for some services. I hope this has been helpful to present some options to overcome this dilemma.
As a crack proof OS, OpenBSD has my support. It encorperates Blowfish, kerbos (old version), and several other types of encryption right into the kernel. I myself haven't started using OpenBSD yet, but the literature at their website www.openbsd.org is rather exstensive. I recommend you check it out.
I think this is a good check list - however, I must make an addendum. The host file "ALL:PARANOID" is not fool proof. I quickly set up my first debian system, and then left without changing many of the options. Later, via telnet I tried to login and was rejected by the hosts file. Luckily for me, I was able to use "rlogin" to gain a connection to my server. I'm no expert, but I think this annecdote does demonstrate a back door not covered in the above list. My recommendation is to turn off "r" services as quickly as possible, as they are the epitomy of insecurity.
Slashdot Mirror
just my thoughts as a mac user.
I built something similar out of an old Mac Plus. We called it the Macilloscope. We had to put a little more work into though. First we had to use a frequency generator and a really big audio amplifier to make the sampling work right. But after that, it was easy. Ahh, good times in the high school computer lab. I wish I had some photos. It looked really cool. Plus, it was useful to justify to budge they gave us to buy new stuff. The suits were impressed with the flashy pretty things (not the code we wrote or the servers we built).
It's available from their cvs server. Look at: this page for more info on browsing the CVS tree.
The power of this codec has been validated by the fact that it has been licensed by both RealNetworks and Apple for their internet video players.
Anyone want to tell me why Apple and RealNetworks would license something that is OpenSource.
In case you're wondering their license is based upon the Mozilla Public License 1.1 (MPL 1.1). I understand this license, it should allow Apple and others to use it freely without licensing fees.
The page linked in the article is notably lacking in any resembling information on this codec. For more info try: On2's website
The author seems intent of finding someone or some group that is successfully leveraging Linux in the embeded market. Why doesn't he check out LynuxWorks?
You may remember these guys from LynxOS. This RTOS (in true defintion of the term -- not in the LinuxRT version) runs on countless embeded platforms. Ever setup a JetDirect card on an HP printer? That's LynxOS.
Well, these guys are doing a lot with Linux now. I attended a talk about two years ago, right before their product BlueCat (strikingly similar to RedHat, eh?) came out. My information may be out of date, but some of the stuff the guys talked about was very cool. An embeded tool-chain. Boot loaders. And most interesting source (and later binary) compatability with LynxOS (by which I mean that LynxOS would run Linux source). To quote from the web page: BlueCat Linux applications can be migrated to the LynxOS platform with no loss of functionality and with minimal effort or delay. LynuxWorks development tools support both operating systems so there are no new tools to purchase and no new learning curves. This all means that customers can develop using BlueCat Linux and then quickly migrate and deploy applications to LynxOS when real-time needs emerge. Anyway, as I said, my info maybe out of date, but these guys shouldn't be overlooked. Oh, and for all who are wondering, I am in no way connected to this company.
Very true. Furthermore, using H0H as the basis for fuel brings with a multitude of problems...
If a vehicle uses water to store the needed H2, it will also need an electrical source to electrolyze the water. Where does this come from? Why not just use an electrical motor?
I just don't think H2 is a viable source of power. Unlike a hydrocarbon, combustion breaks very few bonds and therefore releases very little energy. So far H2 has not proved to be a useful fuel source in other industries. Take for example wielding. A number of companies try to sell "Brown's Gas" (2 H2: 02), which is the result of electrolyzing water, to welders. I've never heard of anyone who has had good results. BG does not release enough heat to compete with acetylene or other common wielding products.
There's a lot of good information on Brown's Gas at http://www.phack.org/e/dennis.html -- this URL discusses the claims of Dennis Lee who tries to sell Brown's Gas to the unsuspecting public (among other con schemes). A very interesting read.
Truth is, the uber-nerds will still be the developers, mostly developing for themselves. The greatest threat is that they(we) will start to cater to the whims of the less knowledgable and produce useless crapy software. However, I just don't see this happening...
In 1972, Paul Cohen wore a jacket with the words "Fuck the Draft" written on it into a LA court house. He was arrested for "maliciously and willfully disturb[ing] the peace or quiet of any neighborhood or person . . . by . . . offensive conduct." When the appeals process ended up in the Supreme Court, the justices held that to censure Cohen for wearing the jacket was tanamount to censuring his opionions on the war. Here are some exerpts from the decision as rendered by Justice Harlan and joined by Douglas, Brennan, Stewart, and Marshall:
The conviction quite clearly rests upon the asserted offensiveness of the words Cohen used to convey his message to the public. The only "conduct" which the State sought to punish is the fact of communication. Thus, we deal here with a conviction resting solely upon "speech," cf. Stromberg v. California, 283 U.S. 359 (1931), not upon any separately identifiable conduct which allegedly was intended by Cohen to be perceived by others as expressive of particular views but which, on its face, does not necessarily convey any message and hence arguably could be regulated without effectively repressing Cohen's ability to express himself.
To my eyes, this seems to remove all trace of wrong doing from Copyleft. It is merely expressing itself, not actually removing the CSS. Even if DeCSS is consider unlawful, Copyleft cannot be held equally responsible, nor can any individual who wears one of the shirts.
Appellant's conviction, then, rests squarely upon his exercise of the "freedom of speech" protected from arbitrary governmental interference by the Constitution and can be justified, if at all, only as a valid regulation of the manner in which he exercised that freedom, not as a permissible prohibition on the substantive message it conveys.
Once again the shirt cannot be held to be illegal unless itself violates valid regulation of speech. Generally, these "valid regulations" are held to be such things as "fighting words" (speech that can be reasonably assumed to incite violence), obscenity (remember that man in MI who was fined for swearing in front of women and children?), and some other very narrowly defined situations. None of these seem to apply to Copyleft.
Additionally, we cannot overlook the fact, because it [403 U.S. 15, 26] is well illustrated by the episode involved here, that much linguistic expression serves a dual communicative function: it conveys not only ideas capable of relatively precise, detached explication, but otherwise inexpressible emotions as well. In fact, words are often chosen as much for their emotive as their cognitive force. We cannot sanction the view that the Constitution, while solicitous of the cognitive content of individual speech, has little or no regard for that emotive function which, practically speaking, may often be the more important element of the overall message sought to be communicated. Indeed, as Mr. Justice Frankfurter has said, "[o]ne of the prerogatives of American citizenship is the right to criticize public men and measures - and that means not only informed and responsible criticism but the freedom to speak foolishly and without moderation." Baumgartner v. United States, 322 U.S. 665, 673 -674 (1944).
This is precisely the situation with DeCSS, though this time we are speaking out against corporations instead of the state. To wear a DeCSS t-shirt is to "criticize public men and measures." CSS has flaws (in most geeks' opinions) and this T-shirt by Copyleft expresses those opinions. Just as Cohen spoke out against the draft by wearing his shirt, so should geeks speak out against CSS by wearing theirs.
Alot of people are saying that geeks don't have a political cause. The harken back to the days of Vietnam and those protests. But if you look carefully, history is repeating itself! This DeCSS shirt debate is not very dissimilar to that of Cohen.
Well, this concludes our Constitutional Law 101 class for today. Their might be a pop quiz tomorrow, so study up! Class dismissed.
-Mark Fredrickson (I'm not a law prof so don't consider any of this stuff accurate!)
If I remember correctly the MN gov't did this because of a federal law. So this same legislation may be coming to state near you. Anybody want to back me up on this?
http://www.linuxdoc.org/HOWTO/Xin erama-HOWTO.html
Good stuff. Check it out.
Clearly, this tech is not in the immediate future, but if were are dreaming about cool stuff (or uncool - think Matrix again) why not go all the way.
My only gripe would be if it plugged into USB, the technology of the devil in my opion (no flame intended).
For example: I write program XYZ on Jan 1, 2000. My last version was "1.1". Now, my next version becomes "1.2.01-01-2000"
This scheme has the advantage of allowing for very rapid developments. If I stay up all night and code a few bugfixes or implement a vew features, I can title my new XYZ "1.2.01-02-2000" People know I didn't change a lot (otherwise it would be 1.3.01-02-2000) and exactly when it appear.
I think synthesis is better than either of the original options.
You can't get a blue screen on a black and white monitor.
Frankly, the whole issue is moot. Here is why: 1. If one is 18+ yrs old, then the clause does not apply to him or her and that person can download the software with both a clear conscience and a legal right to do so. 2. If the person is less than 18, the agreeing to the contract is pointless because a minor cannot be held responsible anyway. In either case, the clause serves no purpose because either it doesn't apply because of age, or because of age, the responsibility is negated. This is not to say, that I support Corel. I think they were wrong to add this clause. But I think the real point is being missed. The question is not why are minors being licensed, but rather, why is anybody being licensed? Each individual piece of software has its own license. Be it GPL, BSD, or Corel. Why included the EULA at all?
Would you rather it be done after dark, under cover of darkness. Get the night vision goggles - I have to be moral! Really, the journalistics work that was done was enlightening. Due to the lack of facilities being brought forth by Ubermensch, we have no choice but to decide whether this project has the proper backing but by looking at the commericial side of the project. Clearly, the facilities there do not support a cluster, and since we do not know where else the cluster would be we must take this to be the symbolic, if not actual, location for the project.
I live not far (nor close) to LaCrosse, so I emailed the head honcho about a visit.
Synopsis: This project is so secret that a donor can't come see where his machine will go.
I was interested in the project before - but now it just sounds like a scam.
see the whole email (kinda interesting which questions he answers (hah!) and which he doesn't)
I'm thinking about trying to get there this week end. I live in MN, not too far (nor too close) to LaCrosse. For me shipping would be more exspensive, plus I want to see the place.
Placing swaps between other partitions is again a throw back to the days of less powerful machines. Back when disks had the speed of Fred Flinstone in his foot powered car, the time for a disk head to move between data and swap was considerable. Thus the advice was to alternate data - swap -data so that heads would move less when disk paging. Having a data - data -swap configuration could lead to a preformace hitch if the heads had to transverse the extra data partition in the middle. Now days as drives get faster, this consideration is minimal. Theoretically, one can still get a performance advantage by alternating types, but if preformance is this important you are better off just buying more RAM.
-Bigdaddy
"You can't get a blue screen on a monochrome monitor!"
Preformance comparison on an iMac or G3 is really not a fair fight. Apple has yet to truly break away from the same OS code they've been using since the Lisa. Their "commitment" to backwards compatibility has been almost sickening (anybody have a copy of Copeland for me? ha ha). The processor itself is a work of art. Though it doesn't do floating point calculations as well as an x86, the integer math is second to none in the micro computer field. Unfortunately, when couple with the pile of code Apple calls an OS, the processor never has a chnace to shine! I'm just holding my breath until OS X when the main stream can finally get a decent OS to bring Apple back from the grave. Until then, LinuxPPC for me...
-BigDaddy
A lot of people have been posting that one ought to turn off unused/unnecessary services. While this is good advice in general, it misses a need that most sysadmins have: they need certain services - some of which create security holes. For example- if you run a small corp/edu server you may need http for web presence, ftp to distribute files/documents/patches/etc, telnet to allow users/students/employees access mail/personal files/programs/etc, and any other number of personal services. These necessary activities cannot simply be discarded without losing the importance and function of the server itself.
I do believe that there is an alternative - play a little shell game with the port numbers. Considering most users will either learn of their access either by direct interview or by documentation they alone will likely see, the oppertunity to change where the services run arises. For example: on a small edu server, the telnet port was changed from the standard "23" to a much higher number(>800). This removed the oppertunity of a kiddie to "telnet server.domain.edu" He or she now has to know the port number. Avgerage users will know this number and thus "telnet server.domain.edu ###" allows them to telnet into the server to use whatever the server was designed for. Admittedly, a simple port mapper utility will still be able to find the unlisted ports (my personal favorite is nmap by fyodor -- www.insecure.org). But in the end, some security is gained in a service that would otherwise be a complete security hole.
This shell game concept can be further extended to increase security. Because the port numbers must be made non-standard anyway, the services can too be changed. Another edu example: A server is running ftp to distribute files like syllabi to students. Instead of ftp, http can be substitued running on a non-standard port. Now students can gain access to the files they need via "server.domain.edu:####" instead of ftp. A second httpd running on the new port accomplished the job with more security.
I don't claim to be an expert, and I agree that restricting services is the most effective means to net security. But at the same time, I can see the need for some services. I hope this has been helpful to present some options to overcome this dilemma.
As a crack proof OS, OpenBSD has my support. It encorperates Blowfish, kerbos (old version), and several other types of encryption right into the kernel.
I myself haven't started using OpenBSD yet, but the literature at their website www.openbsd.org is rather exstensive. I recommend you check it out.
I think this is a good check list - however, I must make an addendum. The host file "ALL:PARANOID" is not fool proof.
I quickly set up my first debian system, and then left without changing many of the options. Later, via telnet I tried to login and was rejected by the hosts file. Luckily for me, I was able to use "rlogin" to gain a connection to my server. I'm no expert, but I think this annecdote does demonstrate a back door not covered in the above list. My recommendation is to turn off "r" services as quickly as possible, as they are the epitomy of insecurity.